Some Thoughts on LCP eBook DRM

There's a new(ish) DRM scheme in town! LCP is Readium's "Licensed Content Protection". At the risk of sounding like an utter corporate stooge, I think it is a relatively inoffensive and technically interesting DRM scheme. Primarily because, once you've downloaded your DRM-infected book, you don't need to rely on an online server to unlock it. When you buy a book, your vendor sends you a .lcpl file. This is a plain JSON file which contains some licencing information and a link to download the ePub. Here's a recent one of mine (truncated for legibility): JSON { "issued" : "2025-03-04T12:34:56Z" , "encryption" : { "profile" : "http://readium.org/lcp/profile-2.0" , "content_key" : { "algorithm" : "http://www.w3.org/2001/04/xmlenc#aes256-cbc" , "encrypted_value" : "+v0+dDvngHcD...qTZgmdCHmgg==" } , "user_key" : { "algorithm" : "http://www.w3.org/2001/04/xmlenc#sha256" , "text_hint" : "What is your username?" , "key_check" : "mAGgB...buDPQ==" } b } , "links" : [ { "rel" : "publication" , ... Read full article.